Help analyze HijackThis logfile, Please

Discussion in 'Computer Support' started by Cynthia K., Jul 12, 2004.

  1. Cynthia K.

    Cynthia K. Guest

    Just a little background info first. Several days ago, my IE was going a
    little wonky (wouldn't load properly or freeze) after looking at a G-rated
    lyrics site. Then Windows started complaining about not much memory in C:\.
    So, I decided to check my computer with PestPatrol. Along with several
    Adwares, it showed belt.exe and SearchV. I had PestPatrol delete the two
    occurences, and had to reboot. However, things got worse after the reboot.
    I use ZoneAlarm Pro, and it started going wonky too. I couldn't access it
    5 minutes after I booted Windows, and Netscape couldn't be accessed. About
    7 minutes later, Windows just locked up. For some weird reason, I can "free
    up some memory" (and use my computer "normally", tho' IE keeps opening a
    blank webpage in a new window) if I shut down ZoneAlarm. Pest Patrol hasn't
    detected the SearchV virus again. I got HijackThis after seeing on the
    internet that it seems more preferable than Pest Patrol.

    Any help is appreciated, here's my log:
    Logfile of HijackThis v1.97.7
    Scan saved at 8:50:15 AM, on 7/12/2004
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PGP\IKESERVICE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\ICONFIG.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\MSWHEEL.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
    C:\PGP\PGPTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
    C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE
    C:\WINDOWS\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    http://searchbar.findthewebsiteyouneed.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://searchbar.findthewebsiteyouneed.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://keyword.netscape.com/keyword/%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    http://searchbar.findthewebsiteyouneed.com/
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} -
    C:\PROGRA~1\ANONYM~1\TOOLBAR\ANONYM~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
    VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [LEDTRAY.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\LEDTRAY.EXE
    O4 - HKLM\..\Run: [ICONFIG.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\ICONFIG.EXE
    "Software\Shuttle Technology\epcfw9x\Flash"
    O4 - HKLM\..\Run: [bslngncc] C:\WINDOWS\SYSTEM\bslngncc.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
    SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task]
    "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS8144.TMP /R
    O4 - HKLM\..\Run: [SAHBundle] C:\windows\TEMP\bundle.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [IKEService95] c:\pgp\IKEService.exe
    O4 - HKLM\..\RunServices: [TrueVector]
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
    deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program
    Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\the
    HelpSpot!\Fawgrd32.exe
    O4 - Startup: Corel Desktop Application Director 8.LNK =
    C:\Corel\Suite8\Programs\DAD8.EXE
    O4 - Startup: PGPtray.lnk = C:\PGP\PGPTray.exe
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America
    Online 7.0\aoltray.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .rmf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPBeatSP.dll
    O12 - Plugin for .swf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
    O12 - Plugin for .cgi: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
    O12 - Plugin for .pdf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
    O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) -
    http://www.3dgreetings.com/Archive/PlayerX.CAB
    O16 - DPF: BBSetup - http://bonzi.www.conxion.com/freebuddy/wd/bbsetup.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: JT's Blocks -
    http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} -
    http://64.156.188.99/iwasher/pptproactauth/internetwasherpro.cab
    O16 - DPF: {1D870C86-AA3C-4451-81E4-71D480A1A652} -
    http://216.93.172.116/sub2bc.exe
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    http://www.sikhmarg.com/wfplayer/tdserver.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} -
    http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie
    /us/win/QuickTimeInstaller.exe
    O16 - DPF: Pop Fu by pogo.com -
    http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
    O16 - DPF: Yahoo! Freecell Solitaire -
    http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} -
    http://delivery.inet-traffic.com/intdel.exe
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} -
    http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -
    http://69.56.176.227/webplugin.cab
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
    http://download.abetterinternet.com/download/cabs/FIX19105/thin.cab
    O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} -
    http://files.cometsystems.com/cometcursor/cobrand/comet.cab?0.94478357946385
    731074157583060
    O16 - DPF: {6C49A32B-6730-6C4B-87AF-DBA39448D8AF} (DownloadUL Class) -
    http://public.searchbarcash.com/cab/042/idkwmkty.cab
    O16 - DPF: Yahoo! Dice -
    http://download.games.yahoo.com/games/clients/y/dct2_x.cab
    O16 - DPF: Yahoo! Pyramids -
    http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
    http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O16 - DPF: Yahoo! Word Racer -
    http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire -
    http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
    http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
    http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
    http://www.bundleware.com/activeX/DS3/DS3.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
    204.134.124.2,204.134.124.3
    Cynthia K., Jul 12, 2004
    #1
    1. Advertising

  2. Cynthia K.

    Skalek Guest

    "Cynthia K." <> wrote in message
    news:...
    > Just a little background info first. Several days ago, my IE was going a
    > little wonky (wouldn't load properly or freeze) after looking at a G-rated
    > lyrics site. Then Windows started complaining about not much memory in

    C:\.
    > So, I decided to check my computer with PestPatrol. Along with several
    > Adwares, it showed belt.exe and SearchV. I had PestPatrol delete the two
    > occurences, and had to reboot. However, things got worse after the

    reboot.
    > I use ZoneAlarm Pro, and it started going wonky too. I couldn't access

    it
    > 5 minutes after I booted Windows, and Netscape couldn't be accessed.

    About
    > 7 minutes later, Windows just locked up. For some weird reason, I can

    "free
    > up some memory" (and use my computer "normally", tho' IE keeps opening a
    > blank webpage in a new window) if I shut down ZoneAlarm. Pest Patrol

    hasn't
    > detected the SearchV virus again. I got HijackThis after seeing on the
    > internet that it seems more preferable than Pest Patrol.


    First,

    I want you to fix some of those entries. Please do the following:

    Please make sure that you can view all hidden files. Instructions on how to
    do this can be found here:

    How to see hidden files in Windows
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=62

    Run Hijackthis again, click scan, and Put a checkmark next to each of these.
    Then click the Fix button

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    http://searchbar.findthewebsiteyouneed.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    http://searchbar.findthewebsiteyouneed.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    http://searchbar.findthewebsiteyouneed.com/
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O4 - HKLM\..\Run: [bslngncc] C:\WINDOWS\SYSTEM\bslngncc.exe
    O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS8144.TMP /R
    O4 - HKLM\..\Run: [SAHBundle] C:\windows\TEMP\bundle.exe
    O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} -
    http://64.156.188.99/iwasher/pptproactauth/internetwasherpro.cab
    O16 - DPF: {1D870C86-AA3C-4451-81E4-71D480A1A652} -
    http://216.93.172.116/sub2bc.exe
    O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} -
    http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab
    O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} -
    http://delivery.inet-traffic.com/intdel.exe
    O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} -
    http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab
    O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -
    http://69.56.176.227/webplugin.cab
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
    http://download.abetterinternet.com/download/cabs/FIX19105/thin.cab
    O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} -
    http://files.cometsystems.com/cometcursor/cobrand/comet.cab?0.94478357946385
    731074157583060
    O16 - DPF: {6C49A32B-6730-6C4B-87AF-DBA39448D8AF} (DownloadUL Class) -
    http://public.searchbarcash.com/cab/042/idkwmkty.cab
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
    http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab
    O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
    http://www.bundleware.com/activeX/DS3/DS3.cab

    Reboot your computer into

    Safe Mode
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=61

    and delete the following files:

    Then delete these files or directories (Do not be concerned if they do not
    exist)
    C:\WINDOWS\SYSTEM\bslngncc.exe
    C:\WINDOWS\TEMP\INS8144.TMP
    C:\windows\TEMP\bundle.exe

    Reboot your computer to go back to normal mode.

    Then,

    Please download VXFInder9x from :

    http://download.broadbandmedic.com/VX2Finder9x(126).exe

    This is for Windows 98/ME Only.


    Please run this program and click on the button Click to find
    VX2.Betterinternet.

    If any items are listed, select all the files and delete them all by
    clicking on the Delete these files

    Then click on the User Agent$ button.

    If you have the Quicklaunch toolbar, you can click on the Import Reg button.


    Reboot again and post a new hijackthis log

    --
    Lawrence Abrams
    http://www.bleepingcomputer.com
    Source for Original Content, Tutorials, and Support for the beginning
    computer user.
    Skalek, Jul 12, 2004
    #2
    1. Advertising

  3. Cynthia K.

    °Mike° Guest

    On Mon, 12 Jul 2004 09:16:06 -0600, in
    <>
    Cynthia K. scrawled:

    <snip>

    >Any help is appreciated, here's my log:
    >Logfile of HijackThis v1.97.7



    <snip>

    >R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    >http://searchbar.findthewebsiteyouneed.com/


    Have HijackThis fix the above.


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    >http://searchbar.findthewebsiteyouneed.com


    Have HijackThis fix the above.


    >R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    >http://searchbar.findthewebsiteyouneed.com/


    Have HijackThis fix the above.


    >R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    >http://searchbar.findthewebsiteyouneed.com/


    Have HijackThis fix the above.


    >O1 - Hosts: 69.20.16.183 auto.search.msn.com
    >O1 - Hosts: 69.20.16.183 search.netscape.com
    >O1 - Hosts: 69.20.16.183 ieautosearch


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [bslngncc] C:\WINDOWS\SYSTEM\bslngncc.exe


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [WebInstall2] C:\WINDOWS\TEMP\INS8144.TMP /R


    Have HijackThis fix the above.


    >O4 - HKLM\..\Run: [SAHBundle] C:\windows\TEMP\bundle.exe


    Have HijackThis fix the above.


    >O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) -
    >http://www.3dgreetings.com/Archive/PlayerX.CAB


    Have HijackThis fix the above.


    >O16 - DPF: BBSetup - http://bonzi.www.conxion.com/freebuddy/wd/bbsetup.exe


    Have HijackThis fix the above.


    >O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} -
    >http://64.156.188.99/iwasher/pptproactauth/internetwasherpro.cab


    Have HijackThis fix the above.


    >O16 - DPF: {1D870C86-AA3C-4451-81E4-71D480A1A652} -
    >http://216.93.172.116/sub2bc.exe


    Have HijackThis fix the above.


    >O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    >http://www.sikhmarg.com/wfplayer/tdserver.cab


    Have HijackThis fix the above.


    >O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} -
    >http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab


    Have HijackThis fix the above.


    >O16 - DPF: Pop Fu by pogo.com -
    >http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab


    Have HijackThis fix the above.


    >O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} -
    >http://delivery.inet-traffic.com/intdel.exe


    Have HijackThis fix the above.


    >O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} -
    >http://www.addictivetechnologies.net/DM0/cab/ATPartners.cab


    Have HijackThis fix the above.


    >O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -
    >http://69.56.176.227/webplugin.cab


    Have HijackThis fix the above.


    >O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
    >http://download.abetterinternet.com/download/cabs/FIX19105/thin.cab


    Have HijackThis fix the above.


    >O16 - DPF: {1678F7E1-C422-11D0-AD7D-00400515CAAA} -
    >http://files.cometsystems.com/cometcursor/cobrand/comet.cab?0.94478357946385
    >731074157583060


    Have HijackThis fix the above.


    >O16 - DPF: {6C49A32B-6730-6C4B-87AF-DBA39448D8AF} (DownloadUL Class) -
    >http://public.searchbarcash.com/cab/042/idkwmkty.cab


    Have HijackThis fix the above.


    >O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) -
    >http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab


    Have HijackThis fix the above.


    >O16 - DPF: {DDFFA75A-E81D-4454-89FC-B9FD0631E726} -
    >http://www.bundleware.com/activeX/DS3/DS3.cab


    Have HijackThis fix the above.


    >O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
    >204.134.124.2,204.134.124.3


    If the above IPs are not from your ISP or network, have
    HijackThis fix the above.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jul 12, 2004
    #3
  4. Cynthia K.

    Cynthia K. Guest

    Thanks for the suggestions! Here is the log from the scan after I cleaned
    up the stuff you guys mentioned:

    Logfile of HijackThis v1.97.7
    Scan saved at 1:29:48 PM, on 7/13/2004
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PGP\IKESERVICE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\ICONFIG.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\MSWHEEL.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
    C:\PGP\PGPTRAY.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://keyword.netscape.com/keyword/%s
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O3 - Toolbar: Anonymizer Toolbar - {C14DC52F-B4D9-11D5-B1E6-0050DAD7AF62} -
    C:\PROGRA~1\ANONYM~1\TOOLBAR\ANONYM~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
    VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [LEDTRAY.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\LEDTRAY.EXE
    O4 - HKLM\..\Run: [ICONFIG.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\ICONFIG.EXE
    "Software\Shuttle Technology\epcfw9x\Flash"
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
    SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task]
    "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [IKEService95] c:\pgp\IKEService.exe
    O4 - HKLM\..\RunServices: [TrueVector]
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
    deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program
    Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\the
    HelpSpot!\Fawgrd32.exe
    O4 - Startup: Corel Desktop Application Director 8.LNK =
    C:\Corel\Suite8\Programs\DAD8.EXE
    O4 - Startup: PGPtray.lnk = C:\PGP\PGPTray.exe
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America
    Online 7.0\aoltray.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .rmf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPBeatSP.dll
    O12 - Plugin for .swf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
    O12 - Plugin for .cgi: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
    O12 - Plugin for .pdf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
    O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: JT's Blocks -
    http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    http://www.sikhmarg.com/wfplayer/tdserver.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie
    /us/win/QuickTimeInstaller.exe
    O16 - DPF: Yahoo! Freecell Solitaire -
    http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: Yahoo! Dice -
    http://download.games.yahoo.com/games/clients/y/dct2_x.cab
    O16 - DPF: Yahoo! Pyramids -
    http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
    http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O16 - DPF: Yahoo! Word Racer -
    http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire -
    http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
    http://zone.msn.com/binGame/ZAxRcMgr.cab
    Cynthia K., Jul 13, 2004
    #4
  5. Cynthia K.

    °Mike° Guest

    On Tue, 13 Jul 2004 13:46:03 -0600, in
    <>
    Cynthia K. scrawled:

    >Thanks for the suggestions! Here is the log from the scan after I cleaned
    >up the stuff you guys mentioned:
    >
    >Logfile of HijackThis v1.97.7
    >Scan saved at 1:29:48 PM, on 7/13/2004
    >Platform: Windows 98 Gold (Win9x 4.10.1998)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


    <snip>

    >O1 - Hosts: 69.20.16.183 auto.search.msn.com
    >O1 - Hosts: 69.20.16.183 search.netscape.com
    >O1 - Hosts: 69.20.16.183 ieautosearch


    Either you didn't tell HijackThis to fix your hosts file,
    or your hosts file may have it's "Read Only" attribute
    set, to prevent change. Right click on your hosts
    file, found in your Windows folder and has no extension.
    Select 'Properties' and uncheck 'Read Only' / Apply / Ok.

    Now run HijackThis again and fix the above.


    >O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    >http://www.sikhmarg.com/wfplayer/tdserver.cab


    Have HijackThis fix the above.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jul 13, 2004
    #5
  6. "Cynthia K." <> wrote in message
    news:...
    > Thanks for the suggestions! Here is the log from the scan after I cleaned
    > up the stuff you guys mentioned:
    >


    I want you to fix some of those entries. Please do the following:

    Please make sure that you can view all hidden files. Instructions on how to
    do this can be found here:

    How to
    see hidden files in Windows


    Run Hijackthis again, click scan, and Put a checkmark next to each of
    these. Then click the Fix button

    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch

    Then,

    Please download VXFInder9x from :

    http://www.downloads.subratam.org/VX2Finder9x(126).exe

    This is for Windows 98/ME Only.


    Please run this program and click on the button Click to find
    VX2.Betterinternet.

    If any items are listed, select all the files and delete them all by
    clicking on the Delete these files

    Then click on the User Agent$ button.

    If you have the Quicklaunch toolbar, you can click on the Import Reg button.

    Reboot and post a new log. Also tell me if your computer is running better
    Lawrence Abrams, Jul 13, 2004
    #6
  7. Cynthia K.

    Cynthia K. Guest

    My computer is running better. ZoneAlarm is running normally, and IE isn't
    freezing up. I ran the VXFinder9x program, it found some DLLs and a
    registry key, and had the program fix that. After I rebooted, a QuickLaunch
    toolbar appeared (wasn't there before) next to the Start button. No new
    files showed up on the VXFinder9x; I clicked the "Import Reg" button on the
    VXFinder program, but all it did was have a pop up stating "Import
    Look2Me.reg to Repair QuickLaunch Toolbar". I clicked OK, the pop-up
    closed, and nothing happened. Despite the toolbar, everything else seems
    doing okay, Windows doesn't freeze.

    Here's today's logfile:
    Logfile of HijackThis v1.97.7
    Scan saved at 2:37:38 PM, on 7/14/2004
    Platform: Windows 98 Gold (Win9x 4.10.1998)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PGP\IKESERVICE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\GWHOTKEY.EXE
    C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\LEDTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\SHUTTLE TECHNOLOGY\ICONFIG.EXE
    C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\MSWHEEL.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FAWGRD32.EXE
    C:\PGP\PGPTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\FA_GD32.EXE
    C:\PROGRAM FILES\THE HELPSPOT!\RTFIXM32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://home.netscape.com/home/winsearch200.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://keyword.netscape.com/keyword/%s
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
    O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\avconsol.exe /minimize
    O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe
    O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee
    VirusScan\VSSTAT.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE
    VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~2\tips\mouse\tips.exe
    O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~2\point32.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [LEDTRAY.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\LEDTRAY.EXE
    O4 - HKLM\..\Run: [ICONFIG.EXE] C:\PROGRA~1\COMMON~1\SHUTTL~1\ICONFIG.EXE
    "Software\Shuttle Technology\epcfw9x\Flash"
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe
    SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task]
    "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK
    ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [IKEService95] c:\pgp\IKEService.exe
    O4 - HKLM\..\RunServices: [TrueVector]
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
    deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program
    Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
    Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Startup: Windows Guardian.lnk = C:\Program Files\the
    HelpSpot!\Fawgrd32.exe
    O4 - Startup: Corel Desktop Application Director 8.LNK =
    C:\Corel\Suite8\Programs\DAD8.EXE
    O4 - Startup: PGPtray.lnk = C:\PGP\PGPTray.exe
    O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America
    Online 7.0\aoltray.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
    Labs\ZoneAlarm\zapro.exe
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .rmf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPBeatSP.dll
    O12 - Plugin for .swf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
    O12 - Plugin for .cgi: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
    O12 - Plugin for .pdf: C:\PROGRAM
    FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\nppdf32.dll
    O16 - DPF: Win32 Classes - file://c:\windows\Java\classes\win32ie4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: JT's Blocks -
    http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
    http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie
    /us/win/QuickTimeInstaller.exe
    O16 - DPF: Yahoo! Freecell Solitaire -
    http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: Yahoo! Dice -
    http://download.games.yahoo.com/games/clients/y/dct2_x.cab
    O16 - DPF: Yahoo! Pyramids -
    http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
    http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v5.cab
    O16 - DPF: Yahoo! Word Racer -
    http://download.games.yahoo.com/games/clients/y/wt0_x.cab
    O16 - DPF: Yahoo! Klondike Solitaire -
    http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
    http://zone.msn.com/binGame/ZAxRcMgr.cab
    Cynthia K., Jul 14, 2004
    #7
  8. Cynthia K.

    °Mike° Guest

    On Wed, 14 Jul 2004 15:18:12 -0600, in
    <>
    Cynthia K. scrawled:

    >My computer is running better. ZoneAlarm is running normally, and IE isn't
    >freezing up. I ran the VXFinder9x program, it found some DLLs and a
    >registry key, and had the program fix that. After I rebooted, a QuickLaunch
    >toolbar appeared (wasn't there before) next to the Start button. No new
    >files showed up on the VXFinder9x; I clicked the "Import Reg" button on the
    >VXFinder program, but all it did was have a pop up stating "Import
    >Look2Me.reg to Repair QuickLaunch Toolbar". I clicked OK, the pop-up
    >closed, and nothing happened.


    It did, but behind the scenes. It removed and entry from the registry.

    >Despite the toolbar, everything else seems doing okay,
    >Windows doesn't freeze.
    >
    >Here's today's logfile:


    Your log looks clean.

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Jul 15, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Lord Retsudo

    608180.net problem - hijackthis logfile help req!

    Lord Retsudo, Aug 8, 2004, in forum: Computer Support
    Replies:
    4
    Views:
    1,186
    °Mike°
    Aug 9, 2004
  2. Hachabarata

    Please Help - HijackThis Logfile!

    Hachabarata, Dec 11, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    554
    Spoonman
    Feb 22, 2005
  3. Please analyze my hijackthis log

    , Jan 4, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    578
    Noel Paton
    Jan 4, 2005
  4. Nate

    Please help analyze my HiJackThis log...

    Nate, Oct 25, 2006, in forum: Computer Support
    Replies:
    7
    Views:
    534
    Leythos
    Oct 26, 2006
  5. Zeke129
    Replies:
    5
    Views:
    555
    Zeke129
    Mar 15, 2007
Loading...

Share This Page